From f4fb9faebd5ed47abf397ecee2be43d3457fe89f Mon Sep 17 00:00:00 2001
From: Mahavir Jain
Date: Fri, 15 May 2026 09:48:56 +0530
Subject: [PATCH] fix(openthread): exclude CVE-2026-8369 from the list
---
 components/openthread/sbom.yml | 2 +-
 components/openthread/sbom_openthread.yml | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/components/openthread/sbom.yml b/components/openthread/sbom.yml
index c4f2ae6377c..d159e3f98b3 100644
--- a/components/openthread/sbom.yml
+++ b/components/openthread/sbom.yml
@@ -1,5 +1,5 @@
 name: 'openthread component'
-version: '2023-07-06'
+version: '2025-06-12'
 supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
 description: Espressif fork of OpenThread project, used to maintain ESP-specific patches and release branches
 manifests:
diff --git a/components/openthread/sbom_openthread.yml b/components/openthread/sbom_openthread.yml
index ea5d2d11e7c..9d7a43b78f7 100644
--- a/components/openthread/sbom_openthread.yml
+++ b/components/openthread/sbom_openthread.yml
@@ -1,8 +1,11 @@
 name: 'openthread'
-version: '2023-07-06'
+version: '2025-06-12'
 cpe: cpe:2.3:o:google:openthread:{}:*:*:*:*:*:*:*
 supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
 originator: 'Organization: Google LLC'
 description: OpenThread released by Google is an open-source implementation of the Thread networking
 url: https://github.com/espressif/openthread
 hash: a98813b30ae58f9a95ece680b9cc46c3874de6ea
+cve-exclude-list:
+ - cve: CVE-2026-8369
+ reason: We use Espressif’s NAT64 implementation and hence this CVE from the upstream NAT64 implementation is not applicable.
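Review bot: In sbom_openthread.yml the `version` moves to '2025-06-12' while `hash: a98813b30ae58f9a95ece680b9cc46c3874de6ea` stays an unchanged context line, so the SBOM now pairs a new version with the old commit id unless the earlier date was simply stale. The `version` value presumably fills the `{}` in the `cpe` string, so this bump can change which CVEs a scanner matches, yet the commit subject mentions only the exclusion. The description should say which of the two fields was out of date, or the hash should be updated in the same change. Separately, the new `cve-exclude-list` entry applies to every build, so its `reason` would be easier to audit if it named what keeps the upstream NAT64 code out of the binary, e.g. `reason: Upstream NAT64 translator is not compiled in (<config option or source path>); Espressif's NAT64 implementation is used instead.`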